WinTechpedia: secure

Monday, July 13, 2009

The Last Password You Have to Remember

Do you have trouble remembering passwords? Is writing them on a piece of paper or text file not working? Well then password managers are what you need. Most browsers have one built in, but they are really simple and quite insecure. For example, in Firefox, with just a click on a button, all your saved passwords are revealed. You could add a Master Password, though most people do not. Some browsers like Google Chrome don’t even have a Master Password. Thats when third party managers come in.

Product Name: LastPass Password Manager
Platform: Windows, Mac, and Linux
Browser Integration:
Firefox Add-on, IE Add-on, Bookmarklets for any browser on any platform that supports Javascript (including Chrome, Safari, Opera, and even iPod Touch and iPhone)
Version Reviewed: 1.51.2

Rating:
95 out of 100

Upon installing LastPass, it will prompt you to set up a LastPass Account. Account you say? Yes, thats because this is fully online. LastPass is an online password manager. While that may seem a bit scary, the LastPass servers are host-proof, meaning even their employees cannot access the data. In addition, only the encrypted data is stored on their servers. The key to decrypt it lies in your hands, the master password. All encrpytion and decryption is done on your own computer. The key is not stored on their servers. They use a “salted hash.” Learn more about this here. Learn about their technology: AES-256 bit to secure your data here.

View the details in this flash slideshow. Having problems viewing it or want to view it in full screen? Click here (Picasa Web Albums).

I just started using LastPass and have officially switched to it for my password management. Having it stored online is very handy since I can use it to logon public shared computers.

I can also finally access all my stored data from Firefox and use it on virtually any browser.

Unlike most other Password Managers that integrate with the browser (including Firefox built in), LastPass doesn’t only fill when the page loads. Some sites, like CNET Download.com, fail to be autofilled by managers like Firefox built in because their login screen doesn’t load a new page. Its just a Javascript overlay window. LastPass fills it whenever the login forms appear not just when the page loads.

Also, unlike other managers, LastPass is multi platform and works on just about all browsers (though its superior on IE and Firefox).

It is also capable of searching your computer for stored passwords that are not properly secured and can easily be accessed by hackers. I had no problems having all my Firefox saved passwords imported into LastPass and deleted from Firefox.

Note: You must have third party cookies enabled or have lastpass.com on the Always Allow list or it will always log off automatically each time the browser closes regardless of your auto log off time settings.

Being all online means that you will have to put some trust into the folks at LastPass. While their host proof server has excellent security methods, this might not be the product for those who are really paranoid about their personal data.

Overall, LastPass is a very straightforward and easy to use yet powerful password management tool. The only password I need to remember now is my Master Password.

I have to say, LastPass rocks!

LastPass Home Page
LastPass Download Page
LastPass from Mozilla Add-ons (AMO)
Bookmarklet is available from within your account. Not recommended for Firefox and Internet Explorer as the plugin is much more superior. Learn more here.

Technorati Tags: LastPass,Password,Manager,Internet,Explorer,Firefox,Plugin,Extension,Bookmarklet,Secure

Friday, April 24, 2009

Surf Safely 1: Scan Links in Real Time. Not a Database.

Over my next few posts, I will be introducing a series of safe search advisors. Why have these? They help you know which sites are safe BEFORE you visit them and if you do visit them, most will warn you or even block the site. This is the first in the series.

Linkscanner (from Exploit Prevention Labs, now acquired by AVG) is back as an individual standalone product no longer requiring the AVG Suite.

Like other safe search tools, it puts tiny color coded icons next to search results showing if its safe. However, LinkScanner literally scans the links in real time rather than getting data off a database. This is a great way to protect from drive by downloads and other threats, but how effective is Linkscanner?

For Microsoft Windows only. Supports Internet Explorer and Mozilla Firefox.
Download from AVG Site.
Download from CNET Download.com.
The following test was run on Microsoft Windows Vista Home Premium SP1 on Mozilla Firefox 3.0.9.

Style: Real Time Scanning

Installation:
The installation is straight forward offering you the AVG Security Toolbar. The toolbar has a Yahoo! search bar that cannot be disabled, although the toolbar components can be. The box is checked by default. Remember to uncheck the box if you do not wish to have the toolbar, like me

User Interface:
Yes, it has a GUI. Basically the AVG Security Software one except just for LinkScanner. I found this to be unnecessary to be running in the background all day since Linkscanner isn't an antivirus product; it only runs in the browser.

Performance
Linkscanner's performance is actaully quite well. It barely slows the pages down. It scans each search result one by one, each taking a fraction of a second. The first few come out faster than other site advisors.

Known Malicious Site Test (Search-Shield)
Please do not visit any of the sites listed here unless you know what you're doing. They are known sites distributing malware. We will help but will not be held responsible for what may happen if you visit malicious sites.

screensavers.com: Linkscanner Scanned this as GREEN

warez.com: Linkscanner Scanned this as RED

Active Surf-Search
Upon visiting a scanned malicious site, a warning appears preventing you from visiting the page with a small link to click if you really want to go anyway, like the following shown when I entered warez.com into the location bar.

Additional Note: Linkscanner supports Google Search, Live Search, and Yahoo! Search. When I tested it, it didn't work on Yahoo! Search. On both browsers, green ratings shows as a white space and only sites not green have an icon (can't find any yellow or orange), as shown below. Notice only RED ratings are shown here.

Also, I found it nearly impossible to find a site scanned as Yellow or Orange with the majority being scanned as Green.

I recommend having all 3 types of advisors for optimal security: Community Based, Web Crawler, and Real Time Scanner. I use WOT, Norton SafeWeb, and Linkscanner. I used to use McAfee SiteAdvisor, however, from personal experience, it slowed down browsing, has a lot of inaccurate and/or obsolete ratings, and commonly didn't show up on Google searches. The ratings on this blog have been generated by WOT.

I am not affiliated with AVG or Exploit Prevention Labs in any way.
Download AVG Linkscanner here.

That's all folks for today! Please comment on tech as we need comments to improve on the tech guide. Don't hesitate to ask any questions. Thanks!
By - WinTechpedia™ 2009 Contributors.

WOT: Internet Security

WOT is a free browser add-on for Mozilla Firefox and Internet Explorer that lets you stay safe on the web. It adds safety ratings next to search engine's results and email links (Gmail, Yahoo! Mail, and Hotmail) as well as warn you of dangerous sites and even block them. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. Web Of Trust will warn you before you interact with a risky website. It's easy and it's free. Ratings of Trustworthiness, Vendor Reliability, Privacy, and Child Safety available. Our post can be found here.

Internet Explorer:

Mozilla Firefox: